Date
July 1, 2025, 11:08 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 21.972445] ==================================================================
[ 21.973294] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 21.973491] Write of size 121 at addr fff00000c76c3a00 by task kunit_try_catch/286
[ 21.973886]
[ 21.973967] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.974082] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.974116] Hardware name: linux,dummy-virt (DT)
[ 21.974166] Call trace:
[ 21.974196]  show_stack+0x20/0x38 (C)
[ 21.974261]  dump_stack_lvl+0x8c/0xd0
[ 21.974321]  print_report+0x118/0x608
[ 21.974374]  kasan_report+0xdc/0x128
[ 21.974425]  kasan_check_range+0x100/0x1a8
[ 21.974481]  __kasan_check_write+0x20/0x30
[ 21.974532]  copy_user_test_oob+0x234/0xec8
[ 21.974583]  kunit_try_run_case+0x170/0x3f0
[ 21.974640]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.974699]  kthread+0x328/0x630
[ 21.974749]  ret_from_fork+0x10/0x20
[ 21.974806]
[ 21.974829] Allocated by task 286:
[ 21.974866]  kasan_save_stack+0x3c/0x68
[ 21.975017]  kasan_save_track+0x20/0x40
[ 21.975097]  kasan_save_alloc_info+0x40/0x58
[ 21.976122]  __kasan_kmalloc+0xd4/0xd8
[ 21.976594]  __kmalloc_noprof+0x198/0x4c8
[ 21.976972]  kunit_kmalloc_array+0x34/0x88
[ 21.977089]  copy_user_test_oob+0xac/0xec8
[ 21.977292]  kunit_try_run_case+0x170/0x3f0
[ 21.977396]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.977874]  kthread+0x328/0x630
[ 21.978091]  ret_from_fork+0x10/0x20
[ 21.978217]
[ 21.978299] The buggy address belongs to the object at fff00000c76c3a00
[ 21.978299]  which belongs to the cache kmalloc-128 of size 128
[ 21.979047] The buggy address is located 0 bytes inside of
[ 21.979047]  allocated 120-byte region [fff00000c76c3a00, fff00000c76c3a78)
[ 21.979219]
[ 21.979478] The buggy address belongs to the physical page:
[ 21.979528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c3
[ 21.979603] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.979667] page_type: f5(slab)
[ 21.979871] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.980321] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.980453] page dumped because: kasan: bad access detected
[ 21.980628]
[ 21.980706] Memory state around the buggy address:
[ 21.981146]  fff00000c76c3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.981555]  fff00000c76c3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.982142] >fff00000c76c3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.982290]                                                                 ^
[ 21.982572]  fff00000c76c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.982818]  fff00000c76c3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.982926] ==================================================================

[ 22.061149] ==================================================================
[ 22.061408] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 22.061830] Read of size 121 at addr fff00000c76c3a00 by task kunit_try_catch/286
[ 22.062052]
[ 22.062170] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 22.062274] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.062304] Hardware name: linux,dummy-virt (DT)
[ 22.062588] Call trace:
[ 22.062775]  show_stack+0x20/0x38 (C)
[ 22.062854]  dump_stack_lvl+0x8c/0xd0
[ 22.063103]  print_report+0x118/0x608
[ 22.063421]  kasan_report+0xdc/0x128
[ 22.063687]  kasan_check_range+0x100/0x1a8
[ 22.063920]  __kasan_check_read+0x20/0x30
[ 22.064107]  copy_user_test_oob+0x4a0/0xec8
[ 22.064271]  kunit_try_run_case+0x170/0x3f0
[ 22.064342]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.064404]  kthread+0x328/0x630
[ 22.064459]  ret_from_fork+0x10/0x20
[ 22.064519]
[ 22.064542] Allocated by task 286:
[ 22.064578]  kasan_save_stack+0x3c/0x68
[ 22.064842]  kasan_save_track+0x20/0x40
[ 22.065268]  kasan_save_alloc_info+0x40/0x58
[ 22.065580]  __kasan_kmalloc+0xd4/0xd8
[ 22.065752]  __kmalloc_noprof+0x198/0x4c8
[ 22.065937]  kunit_kmalloc_array+0x34/0x88
[ 22.065996]  copy_user_test_oob+0xac/0xec8
[ 22.066046]  kunit_try_run_case+0x170/0x3f0
[ 22.066090]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.066218]  kthread+0x328/0x630
[ 22.066270]  ret_from_fork+0x10/0x20
[ 22.066315]
[ 22.066351] The buggy address belongs to the object at fff00000c76c3a00
[ 22.066351]  which belongs to the cache kmalloc-128 of size 128
[ 22.066444] The buggy address is located 0 bytes inside of
[ 22.066444]  allocated 120-byte region [fff00000c76c3a00, fff00000c76c3a78)
[ 22.066518]
[ 22.066558] The buggy address belongs to the physical page:
[ 22.066608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c3
[ 22.066671] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.066747] page_type: f5(slab)
[ 22.066805] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 22.066866] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.066927] page dumped because: kasan: bad access detected
[ 22.066965]
[ 22.066997] Memory state around the buggy address:
[ 22.067038]  fff00000c76c3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.067315]  fff00000c76c3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.067398] >fff00000c76c3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.067928]                                                                 ^
[ 22.068362]  fff00000c76c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.068428]  fff00000c76c3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.068659] ==================================================================

[ 22.049300] ==================================================================
[ 22.049388] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 22.049462] Write of size 121 at addr fff00000c76c3a00 by task kunit_try_catch/286
[ 22.049525]
[ 22.049571] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 22.049662] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.049694] Hardware name: linux,dummy-virt (DT)
[ 22.049968] Call trace:
[ 22.050013]  show_stack+0x20/0x38 (C)
[ 22.050077]  dump_stack_lvl+0x8c/0xd0
[ 22.050149]  print_report+0x118/0x608
[ 22.050204]  kasan_report+0xdc/0x128
[ 22.050252]  kasan_check_range+0x100/0x1a8
[ 22.050306]  __kasan_check_write+0x20/0x30
[ 22.050354]  copy_user_test_oob+0x434/0xec8
[ 22.050408]  kunit_try_run_case+0x170/0x3f0
[ 22.050461]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.050520]  kthread+0x328/0x630
[ 22.050586]  ret_from_fork+0x10/0x20
[ 22.050644]
[ 22.050666] Allocated by task 286:
[ 22.050702]  kasan_save_stack+0x3c/0x68
[ 22.050750]  kasan_save_track+0x20/0x40
[ 22.050794]  kasan_save_alloc_info+0x40/0x58
[ 22.050839]  __kasan_kmalloc+0xd4/0xd8
[ 22.050891]  __kmalloc_noprof+0x198/0x4c8
[ 22.050934]  kunit_kmalloc_array+0x34/0x88
[ 22.050985]  copy_user_test_oob+0xac/0xec8
[ 22.051026]  kunit_try_run_case+0x170/0x3f0
[ 22.051070]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.052155]  kthread+0x328/0x630
[ 22.052205]  ret_from_fork+0x10/0x20
[ 22.052261]
[ 22.052287] The buggy address belongs to the object at fff00000c76c3a00
[ 22.052287]  which belongs to the cache kmalloc-128 of size 128
[ 22.053043] The buggy address is located 0 bytes inside of
[ 22.053043]  allocated 120-byte region [fff00000c76c3a00, fff00000c76c3a78)
[ 22.053337]
[ 22.053489] The buggy address belongs to the physical page:
[ 22.053543] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c3
[ 22.053719] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.053784] page_type: f5(slab)
[ 22.054433] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 22.054518] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.055059] page dumped because: kasan: bad access detected
[ 22.055428]
[ 22.055798] Memory state around the buggy address:
[ 22.055856]  fff00000c76c3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.055912]  fff00000c76c3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.056418] >fff00000c76c3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.056559]                                                                 ^
[ 22.056812]  fff00000c76c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.057026]  fff00000c76c3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.057461] ==================================================================

[ 22.036600] ==================================================================
[ 22.036682] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 22.037149] Read of size 121 at addr fff00000c76c3a00 by task kunit_try_catch/286
[ 22.037234]
[ 22.037278] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 22.037386] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.037419] Hardware name: linux,dummy-virt (DT)
[ 22.037456] Call trace:
[ 22.037482]  show_stack+0x20/0x38 (C)
[ 22.037541]  dump_stack_lvl+0x8c/0xd0
[ 22.037636]  print_report+0x118/0x608
[ 22.037692]  kasan_report+0xdc/0x128
[ 22.037743]  kasan_check_range+0x100/0x1a8
[ 22.037795]  __kasan_check_read+0x20/0x30
[ 22.037845]  copy_user_test_oob+0x3c8/0xec8
[ 22.037897]  kunit_try_run_case+0x170/0x3f0
[ 22.037950]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.038027]  kthread+0x328/0x630
[ 22.038074]  ret_from_fork+0x10/0x20
[ 22.038127]
[ 22.039481] Allocated by task 286:
[ 22.039786]  kasan_save_stack+0x3c/0x68
[ 22.040027]  kasan_save_track+0x20/0x40
[ 22.040083]  kasan_save_alloc_info+0x40/0x58
[ 22.040334]  __kasan_kmalloc+0xd4/0xd8
[ 22.040744]  __kmalloc_noprof+0x198/0x4c8
[ 22.040862]  kunit_kmalloc_array+0x34/0x88
[ 22.041188]  copy_user_test_oob+0xac/0xec8
[ 22.041371]  kunit_try_run_case+0x170/0x3f0
[ 22.041482]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.041541]  kthread+0x328/0x630
[ 22.041767]  ret_from_fork+0x10/0x20
[ 22.041923]
[ 22.042374] The buggy address belongs to the object at fff00000c76c3a00
[ 22.042374]  which belongs to the cache kmalloc-128 of size 128
[ 22.042591] The buggy address is located 0 bytes inside of
[ 22.042591]  allocated 120-byte region [fff00000c76c3a00, fff00000c76c3a78)
[ 22.042906]
[ 22.042940] The buggy address belongs to the physical page:
[ 22.043273] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c3
[ 22.043901] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.044084] page_type: f5(slab)
[ 22.044220] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 22.044477] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.044533] page dumped because: kasan: bad access detected
[ 22.044644]
[ 22.044941] Memory state around the buggy address:
[ 22.045001]  fff00000c76c3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.045534]  fff00000c76c3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.045872] >fff00000c76c3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.046197]                                                                 ^
[ 22.046467]  fff00000c76c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.046875]  fff00000c76c3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.046937] ==================================================================

[ 22.023788] ==================================================================
[ 22.023903] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 22.023983] Write of size 121 at addr fff00000c76c3a00 by task kunit_try_catch/286
[ 22.024206]
[ 22.024293] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 22.024701] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.024750] Hardware name: linux,dummy-virt (DT)
[ 22.024978] Call trace:
[ 22.025015]  show_stack+0x20/0x38 (C)
[ 22.025098]  dump_stack_lvl+0x8c/0xd0
[ 22.025394]  print_report+0x118/0x608
[ 22.025470]  kasan_report+0xdc/0x128
[ 22.025596]  kasan_check_range+0x100/0x1a8
[ 22.025713]  __kasan_check_write+0x20/0x30
[ 22.025937]  copy_user_test_oob+0x35c/0xec8
[ 22.026081]  kunit_try_run_case+0x170/0x3f0
[ 22.026361]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.026789]  kthread+0x328/0x630
[ 22.026922]  ret_from_fork+0x10/0x20
[ 22.027048]
[ 22.027383] Allocated by task 286:
[ 22.027494]  kasan_save_stack+0x3c/0x68
[ 22.027744]  kasan_save_track+0x20/0x40
[ 22.027948]  kasan_save_alloc_info+0x40/0x58
[ 22.028015]  __kasan_kmalloc+0xd4/0xd8
[ 22.028058]  __kmalloc_noprof+0x198/0x4c8
[ 22.028504]  kunit_kmalloc_array+0x34/0x88
[ 22.028764]  copy_user_test_oob+0xac/0xec8
[ 22.029080]  kunit_try_run_case+0x170/0x3f0
[ 22.029225]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.029454]  kthread+0x328/0x630
[ 22.029602]  ret_from_fork+0x10/0x20
[ 22.030428]
[ 22.030484] The buggy address belongs to the object at fff00000c76c3a00
[ 22.030484]  which belongs to the cache kmalloc-128 of size 128
[ 22.030583] The buggy address is located 0 bytes inside of
[ 22.030583]  allocated 120-byte region [fff00000c76c3a00, fff00000c76c3a78)
[ 22.030694]
[ 22.030938] The buggy address belongs to the physical page:
[ 22.031235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c3
[ 22.031353] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.031420] page_type: f5(slab)
[ 22.031471] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 22.031530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.032271] page dumped because: kasan: bad access detected
[ 22.032345]
[ 22.032593] Memory state around the buggy address:
[ 22.032643]  fff00000c76c3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.032905]  fff00000c76c3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.033331] >fff00000c76c3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.033621]                                                                 ^
[ 22.033942]  fff00000c76c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.034013]  fff00000c76c3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.034198] ==================================================================

[ 21.993314] ==================================================================
[ 21.994919] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 21.995051] Read of size 121 at addr fff00000c76c3a00 by task kunit_try_catch/286
[ 21.995313]
[ 21.995515] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.995728] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.996095] Hardware name: linux,dummy-virt (DT)
[ 21.996335] Call trace:
[ 21.996586]  show_stack+0x20/0x38 (C)
[ 21.996800]  dump_stack_lvl+0x8c/0xd0
[ 21.996954]  print_report+0x118/0x608
[ 21.997093]  kasan_report+0xdc/0x128
[ 21.997213]  kasan_check_range+0x100/0x1a8
[ 21.997767]  __kasan_check_read+0x20/0x30
[ 21.997852]  copy_user_test_oob+0x728/0xec8
[ 21.998223]  kunit_try_run_case+0x170/0x3f0
[ 21.998537]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.998816]  kthread+0x328/0x630
[ 21.998915]  ret_from_fork+0x10/0x20
[ 21.998998]
[ 21.999034] Allocated by task 286:
[ 21.999079]  kasan_save_stack+0x3c/0x68
[ 21.999777]  kasan_save_track+0x20/0x40
[ 22.000552]  kasan_save_alloc_info+0x40/0x58
[ 22.000886]  __kasan_kmalloc+0xd4/0xd8
[ 22.001275]  __kmalloc_noprof+0x198/0x4c8
[ 22.001393]  kunit_kmalloc_array+0x34/0x88
[ 22.001579]  copy_user_test_oob+0xac/0xec8
[ 22.001694]  kunit_try_run_case+0x170/0x3f0
[ 22.001931]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.002167]  kthread+0x328/0x630
[ 22.002290]  ret_from_fork+0x10/0x20
[ 22.002757]
[ 22.002869] The buggy address belongs to the object at fff00000c76c3a00
[ 22.002869]  which belongs to the cache kmalloc-128 of size 128
[ 22.003008] The buggy address is located 0 bytes inside of
[ 22.003008]  allocated 120-byte region [fff00000c76c3a00, fff00000c76c3a78)
[ 22.003446]
[ 22.003504] The buggy address belongs to the physical page:
[ 22.003570] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c3
[ 22.003662] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.003725] page_type: f5(slab)
[ 22.003774] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 22.003833] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.004267] page dumped because: kasan: bad access detected
[ 22.004901]
[ 22.005017] Memory state around the buggy address:
[ 22.005199]  fff00000c76c3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.005255]  fff00000c76c3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.005582] >fff00000c76c3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.005727]                                                                 ^
[ 22.006259]  fff00000c76c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.006338]  fff00000c76c3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.006391] ==================================================================
```
qemu-x86_64:

```
[ 15.495130] ==================================================================
[ 15.495484] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 15.495838] Write of size 121 at addr ffff88810258dd00 by task kunit_try_catch/302
[ 15.496244]
[ 15.496357] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.496421] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.496434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.496458] Call Trace:
[ 15.496472]  <TASK>
[ 15.496492]  dump_stack_lvl+0x73/0xb0
[ 15.496522]  print_report+0xd1/0x650
[ 15.496547]  ? __virt_addr_valid+0x1db/0x2d0
[ 15.496572]  ? copy_user_test_oob+0x3fd/0x10f0
[ 15.496595]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.496618]  ? copy_user_test_oob+0x3fd/0x10f0
[ 15.496641]  kasan_report+0x141/0x180
[ 15.496665]  ? copy_user_test_oob+0x3fd/0x10f0
[ 15.496693]  kasan_check_range+0x10c/0x1c0
[ 15.496718]  __kasan_check_write+0x18/0x20
[ 15.496739]  copy_user_test_oob+0x3fd/0x10f0
[ 15.496765]  ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.496788]  ? finish_task_switch.isra.0+0x153/0x700
[ 15.496812]  ? __switch_to+0x47/0xf50
[ 15.496839]  ? __schedule+0x10cc/0x2b60
[ 15.496863]  ? __pfx_read_tsc+0x10/0x10
[ 15.496885]  ? ktime_get_ts64+0x86/0x230
[ 15.496910]  kunit_try_run_case+0x1a5/0x480
[ 15.496935]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.496957]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.496982]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.497006]  ? __kthread_parkme+0x82/0x180
[ 15.497028]  ? preempt_count_sub+0x50/0x80
[ 15.497051]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.497075]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.497099]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.497122]  kthread+0x337/0x6f0
[ 15.497143]  ? trace_preempt_on+0x20/0xc0
[ 15.497168]  ? __pfx_kthread+0x10/0x10
[ 15.497189]  ? _raw_spin_unlock_irq+0x47/0x80
[ 15.497210]  ? calculate_sigpending+0x7b/0xa0
[ 15.497236]  ? __pfx_kthread+0x10/0x10
[ 15.497258]  ret_from_fork+0x116/0x1d0
[ 15.497277]  ? __pfx_kthread+0x10/0x10
[ 15.497297]  ret_from_fork_asm+0x1a/0x30
[ 15.497328]  </TASK>
[ 15.497341]
[ 15.504168] Allocated by task 302:
[ 15.504366]  kasan_save_stack+0x45/0x70
[ 15.504593]  kasan_save_track+0x18/0x40
[ 15.504787]  kasan_save_alloc_info+0x3b/0x50
[ 15.505004]  __kasan_kmalloc+0xb7/0xc0
[ 15.505195]  __kmalloc_noprof+0x1c9/0x500
[ 15.505407]  kunit_kmalloc_array+0x25/0x60
[ 15.505625]  copy_user_test_oob+0xab/0x10f0
[ 15.505784]  kunit_try_run_case+0x1a5/0x480
[ 15.505983]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.506217]  kthread+0x337/0x6f0
[ 15.506367]  ret_from_fork+0x116/0x1d0
[ 15.506538]  ret_from_fork_asm+0x1a/0x30
[ 15.506756]
[ 15.506856] The buggy address belongs to the object at ffff88810258dd00
[ 15.506856]  which belongs to the cache kmalloc-128 of size 128
[ 15.507321] The buggy address is located 0 bytes inside of
[ 15.507321]  allocated 120-byte region [ffff88810258dd00, ffff88810258dd78)
[ 15.507782]
[ 15.507857] The buggy address belongs to the physical page:
[ 15.508032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d
[ 15.508279] flags: 0x200000000000000(node=0|zone=2)
[ 15.508543] page_type: f5(slab)
[ 15.508716] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.509053] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.509330] page dumped because: kasan: bad access detected
[ 15.509513]
[ 15.509585] Memory state around the buggy address:
[ 15.509740]  ffff88810258dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.510095]  ffff88810258dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.510424] >ffff88810258dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.510750]                                                                 ^
[ 15.511362]  ffff88810258dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.511691]  ffff88810258de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.511943] ==================================================================

[ 15.512615] ==================================================================
[ 15.512986] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 15.513225] Read of size 121 at addr ffff88810258dd00 by task kunit_try_catch/302
[ 15.513488]
[ 15.513611] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.513655] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.513668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.513692] Call Trace:
[ 15.513708]  <TASK>
[ 15.513724]  dump_stack_lvl+0x73/0xb0
[ 15.513753]  print_report+0xd1/0x650
[ 15.513776]  ? __virt_addr_valid+0x1db/0x2d0
[ 15.513799]  ? copy_user_test_oob+0x4aa/0x10f0
[ 15.513823]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.513845]  ? copy_user_test_oob+0x4aa/0x10f0
[ 15.513868]  kasan_report+0x141/0x180
[ 15.513892]  ? copy_user_test_oob+0x4aa/0x10f0
[ 15.513920]  kasan_check_range+0x10c/0x1c0
[ 15.513944]  __kasan_check_read+0x15/0x20
[ 15.513964]  copy_user_test_oob+0x4aa/0x10f0
[ 15.513990]  ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.514012]  ? finish_task_switch.isra.0+0x153/0x700
[ 15.514035]  ? __switch_to+0x47/0xf50
[ 15.514061]  ? __schedule+0x10cc/0x2b60
[ 15.514084]  ? __pfx_read_tsc+0x10/0x10
[ 15.514105]  ? ktime_get_ts64+0x86/0x230
[ 15.514129]  kunit_try_run_case+0x1a5/0x480
[ 15.514154]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.514177]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.514200]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.514223]  ? __kthread_parkme+0x82/0x180
[ 15.514245]  ? preempt_count_sub+0x50/0x80
[ 15.514268]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.514292]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.514316]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.514340]  kthread+0x337/0x6f0
[ 15.514360]  ? trace_preempt_on+0x20/0xc0
[ 15.514395]  ? __pfx_kthread+0x10/0x10
[ 15.514416]  ? _raw_spin_unlock_irq+0x47/0x80
[ 15.514438]  ? calculate_sigpending+0x7b/0xa0
[ 15.514463]  ? __pfx_kthread+0x10/0x10
[ 15.514484]  ret_from_fork+0x116/0x1d0
[ 15.514504]  ? __pfx_kthread+0x10/0x10
[ 15.514525]  ret_from_fork_asm+0x1a/0x30
[ 15.514555]  </TASK>
[ 15.514568]
[ 15.521607] Allocated by task 302:
[ 15.521932]  kasan_save_stack+0x45/0x70
[ 15.522217]  kasan_save_track+0x18/0x40
[ 15.522424]  kasan_save_alloc_info+0x3b/0x50
[ 15.522709]  __kasan_kmalloc+0xb7/0xc0
[ 15.522943]  __kmalloc_noprof+0x1c9/0x500
[ 15.523099]  kunit_kmalloc_array+0x25/0x60
[ 15.523246]  copy_user_test_oob+0xab/0x10f0
[ 15.523402]  kunit_try_run_case+0x1a5/0x480
[ 15.523626]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.523880]  kthread+0x337/0x6f0
[ 15.524058]  ret_from_fork+0x116/0x1d0
[ 15.524246]  ret_from_fork_asm+0x1a/0x30
[ 15.524461]
[ 15.524558] The buggy address belongs to the object at ffff88810258dd00
[ 15.524558]  which belongs to the cache kmalloc-128 of size 128
[ 15.525009] The buggy address is located 0 bytes inside of
[ 15.525009]  allocated 120-byte region [ffff88810258dd00, ffff88810258dd78)
[ 15.525505]
[ 15.525603] The buggy address belongs to the physical page:
[ 15.525819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d
[ 15.526062] flags: 0x200000000000000(node=0|zone=2)
[ 15.526225] page_type: f5(slab)
[ 15.526346] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.526655] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.526989] page dumped because: kasan: bad access detected
[ 15.527227]
[ 15.527297] Memory state around the buggy address:
[ 15.527518]  ffff88810258dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.527930]  ffff88810258dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.528187] >ffff88810258dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.528411]                                                                 ^
[ 15.528742]  ffff88810258dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.529063]  ffff88810258de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.529407] ==================================================================

[ 15.555506] ==================================================================
[ 15.556107] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 15.556527] Read of size 121 at addr ffff88810258dd00 by task kunit_try_catch/302
[ 15.557108]
[ 15.557226] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.557430] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.557448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.557471] Call Trace:
[ 15.557488]  <TASK>
[ 15.557506]  dump_stack_lvl+0x73/0xb0
[ 15.557536]  print_report+0xd1/0x650
[ 15.557560]  ? __virt_addr_valid+0x1db/0x2d0
[ 15.557593]  ? copy_user_test_oob+0x604/0x10f0
[ 15.557616]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.557639]  ? copy_user_test_oob+0x604/0x10f0
[ 15.557662]  kasan_report+0x141/0x180
[ 15.557684]  ? copy_user_test_oob+0x604/0x10f0
[ 15.557713]  kasan_check_range+0x10c/0x1c0
[ 15.557738]  __kasan_check_read+0x15/0x20
[ 15.557758]  copy_user_test_oob+0x604/0x10f0
[ 15.557783]  ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.557807]  ? finish_task_switch.isra.0+0x153/0x700
[ 15.557831]  ? __switch_to+0x47/0xf50
[ 15.557858]  ? __schedule+0x10cc/0x2b60
[ 15.557882]  ? __pfx_read_tsc+0x10/0x10
[ 15.557903]  ? ktime_get_ts64+0x86/0x230
[ 15.557929]  kunit_try_run_case+0x1a5/0x480
[ 15.557954]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.557977]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.558001]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.558024]  ? __kthread_parkme+0x82/0x180
[ 15.558045]  ? preempt_count_sub+0x50/0x80
[ 15.558069]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.558093]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.558116]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.558140]  kthread+0x337/0x6f0
[ 15.558160]  ? trace_preempt_on+0x20/0xc0
[ 15.558186]  ? __pfx_kthread+0x10/0x10
[ 15.558207]  ? _raw_spin_unlock_irq+0x47/0x80
[ 15.558228]  ? calculate_sigpending+0x7b/0xa0
[ 15.558253]  ? __pfx_kthread+0x10/0x10
[ 15.558275]  ret_from_fork+0x116/0x1d0
[ 15.558294]  ? __pfx_kthread+0x10/0x10
[ 15.558315]  ret_from_fork_asm+0x1a/0x30
[ 15.558344]  </TASK>
[ 15.558357]
[ 15.568355] Allocated by task 302:
[ 15.568557]  kasan_save_stack+0x45/0x70
[ 15.569091]  kasan_save_track+0x18/0x40
[ 15.569395]  kasan_save_alloc_info+0x3b/0x50
[ 15.569626]  __kasan_kmalloc+0xb7/0xc0
[ 15.569909]  __kmalloc_noprof+0x1c9/0x500
[ 15.570187]  kunit_kmalloc_array+0x25/0x60
[ 15.570513]  copy_user_test_oob+0xab/0x10f0
[ 15.570803]  kunit_try_run_case+0x1a5/0x480
[ 15.571103]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.571355]  kthread+0x337/0x6f0
[ 15.571544]  ret_from_fork+0x116/0x1d0
[ 15.571927]  ret_from_fork_asm+0x1a/0x30
[ 15.572206]
[ 15.572481] The buggy address belongs to the object at ffff88810258dd00
[ 15.572481]  which belongs to the cache kmalloc-128 of size 128
[ 15.573094] The buggy address is located 0 bytes inside of
[ 15.573094]  allocated 120-byte region [ffff88810258dd00, ffff88810258dd78)
[ 15.573672]
[ 15.573779] The buggy address belongs to the physical page:
[ 15.574024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d
[ 15.574342] flags: 0x200000000000000(node=0|zone=2)
[ 15.574839] page_type: f5(slab)
[ 15.575144] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.575492] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.576045] page dumped because: kasan: bad access detected
[ 15.576403]
[ 15.576700] Memory state around the buggy address:
[ 15.576934]  ffff88810258dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.577316]  ffff88810258dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.577720] >ffff88810258dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.578012]                                                                 ^
[ 15.578317]  ffff88810258dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.578630]  ffff88810258de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.579190] ==================================================================

[ 15.530249] ==================================================================
[ 15.531191] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 15.532322] Write of size 121 at addr ffff88810258dd00 by task kunit_try_catch/302
[ 15.532762]
[ 15.532881] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.532926] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.533117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.533141] Call Trace:
[ 15.533157]  <TASK>
[ 15.533288]  dump_stack_lvl+0x73/0xb0
[ 15.533325]  print_report+0xd1/0x650
[ 15.533351]  ? __virt_addr_valid+0x1db/0x2d0
[ 15.533387]  ? copy_user_test_oob+0x557/0x10f0
[ 15.533410]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.533433]  ? copy_user_test_oob+0x557/0x10f0
[ 15.533456]  kasan_report+0x141/0x180
[ 15.533478]  ? copy_user_test_oob+0x557/0x10f0
[ 15.533508]  kasan_check_range+0x10c/0x1c0
[ 15.533533]  __kasan_check_write+0x18/0x20
[ 15.533553]  copy_user_test_oob+0x557/0x10f0
[ 15.533591]  ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.533614]  ? finish_task_switch.isra.0+0x153/0x700
[ 15.533636]  ? __switch_to+0x47/0xf50
[ 15.533662]  ? __schedule+0x10cc/0x2b60
[ 15.533685]  ? __pfx_read_tsc+0x10/0x10
[ 15.533706]  ? ktime_get_ts64+0x86/0x230
[ 15.533730]  kunit_try_run_case+0x1a5/0x480
[ 15.533755]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.533778]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.533802]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.533825]  ? __kthread_parkme+0x82/0x180
[ 15.533847]  ? preempt_count_sub+0x50/0x80
[ 15.533872]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.533896]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.533919]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.533943]  kthread+0x337/0x6f0
[ 15.533963]  ? trace_preempt_on+0x20/0xc0
[ 15.533986]  ? __pfx_kthread+0x10/0x10
[ 15.534008]  ? _raw_spin_unlock_irq+0x47/0x80
[ 15.534031]  ? calculate_sigpending+0x7b/0xa0
[ 15.534056]  ? __pfx_kthread+0x10/0x10
[ 15.534078]  ret_from_fork+0x116/0x1d0
[ 15.534098]  ? __pfx_kthread+0x10/0x10
[ 15.534119]  ret_from_fork_asm+0x1a/0x30
[ 15.534150]  </TASK>
[ 15.534162]
[ 15.544348] Allocated by task 302:
[ 15.544745]  kasan_save_stack+0x45/0x70
[ 15.545034]  kasan_save_track+0x18/0x40
[ 15.545181]  kasan_save_alloc_info+0x3b/0x50
[ 15.545402]  __kasan_kmalloc+0xb7/0xc0
[ 15.545803]  __kmalloc_noprof+0x1c9/0x500
[ 15.546004]  kunit_kmalloc_array+0x25/0x60
[ 15.546163]  copy_user_test_oob+0xab/0x10f0
[ 15.546513]  kunit_try_run_case+0x1a5/0x480
[ 15.546865]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.547200]  kthread+0x337/0x6f0
[ 15.547459]  ret_from_fork+0x116/0x1d0
[ 15.547748]  ret_from_fork_asm+0x1a/0x30
[ 15.548045]
[ 15.548125] The buggy address belongs to the object at ffff88810258dd00
[ 15.548125]  which belongs to the cache kmalloc-128 of size 128
[ 15.548959] The buggy address is located 0 bytes inside of
[ 15.548959]  allocated 120-byte region [ffff88810258dd00, ffff88810258dd78)
[ 15.549428]
[ 15.549532] The buggy address belongs to the physical page:
[ 15.549846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10258d
[ 15.550183] flags: 0x200000000000000(node=0|zone=2)
[ 15.550414] page_type: f5(slab)
[ 15.550573] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.550885] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.551193] page dumped because: kasan: bad access detected
[ 15.551956]
[ 15.552051] Memory state around the buggy address:
[ 15.552207]  ffff88810258dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.552765]  ffff88810258dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.553152] >ffff88810258dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.553561]                                                                 ^
[ 15.553954]  ffff88810258dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.554369]  ffff88810258de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.554806] ==================================================================
```